How to Pass Certified Kubernetes Administrator (CKA) 2024

This CKA Exam study guide is here to help you get ready for the CKA Certification exam. It includes all the stuff you need. CKA is a top Kubernetes certification that focuses on how to develop with Kubernetes.

In this guide, I’ll share all the resources you’ll need to prepare for the CKA exam. Plus, I’ll give you tips that helped me pass the CKA exam with a score of 98 out of 100.

What is Kubernetes ?

Kubernetes, also referred to as “kube” or “k8s,” is software that automatically manages, scales, and maintains multi-container workloads in desired states.

Why use Kubernetes?

One of the benefits of Kubernetes is that it makes building and running complex applications much simpler. Here’s a handful of the many Kubernetes features:

• Standard services like local DNS and basic load-balancing that most applications need, and are easy to use.
• Standard behaviors (e.g., restart this container if it dies) that are easy to invoke, and do most of the work of keeping applications running, available, and performant.
• A standard set of abstract “objects” (called things like “pods,” “replicasets,” and “deployments”) that wrap around containers and make it easy to build configurations around collections of containers.
• A standard API that applications can call to easily enable more sophisticated behaviors, making it much easier to create applications that manage other applications.

What Is CKA (Certified Kubernetes Administrator) Exam?

The official CNCF certification page says :

The purpose of the Certified Kubernetes Administrator (CKA) program is to provide assurance that CKAs have the skills, knowledge, and competency to perform the responsibilities of Kubernetes administrators.

Register for the CKA Certification [Save 20% Today]

To begin your journey of becoming a Certified Kubernetes Administrator – start by registering for the exam on the Linux Foundation portal.

Register today and use our exclusive coupon code TECK20 for the CKAD exam to get a 20% discount on CKAD (and KCNA, CKA, and CKS certifications ). This code expires soon.

CKA Exam Voucher: Use coupon Code TECK20 at checkout

Hurry Up: Offer valid or Limited Time  ⏳

• Upon registration, you have ONE YEAR to schedule and complete the exam.
• The CKA exam is conducted online and remotely proctored.
• To pass the exam, you must achieve a score of 66% or higher.
• CKA Certification is valid for 3 years. If you give the exam after April 1st 2024, it will be valid for only two years
• You are allowed a maximum of 2 attempts to take the test. However, if you miss a scheduled exam for any reason, your second attempt will be invalidated.
• Free access to killer.sh for the CKA practice exam.

Note

 Save $80 Today on CKA | CKAD | CKS certification using the Voucher code TECK20 .

Offer Ends Soon !

Note: You can always check the latest Kubernetes Certification Voucher Codes to save costs on the CKA, CKAD, and CKS certification registration

CKA Certification Preparation Guide

This section will go over resources and links that can help you prepare for the CKA exam and pass the CKA certification with very good score.

CKA Exam Prerequisites

CKA does not require any candidate to have any other certification before they can appear for the CKA exam. The only thing required to clear the exam is a conceptual and practical understanding of Kubernetes’s components and native objects. Also a lot of hands-on practice.

Personally I preferred to start with CKAD as it offers a narrower focus and a good foundation for understanding Kubernetes. Others might prefer diving into CKA directly, especially if they have experience with Kubernetes administration.

To get started with CKAD Exam Preparation journey check our certification Study Guide here :

CKA Exam Details

The CKA exam is an open-book exam i.e. you can use the following websites while you are taking the exam.

1. https://kubernetes.io/docs/
2. https://github.com/kubernetes/
3. https://kubernetes.io/blog/ and their subdomains. This includes all available language translations of these pages (e.g. https://kubernetes.io/zh/docs/)

CKA Exam Environment

The CKA exam environment consists of six clusters ( running Kubernetes v1.29) , each composed of a different number of nodes.

• To ensure efficiency and minimize context switching, each task in the exam must be completed within a designated cluster/configuration context.
• The tasks are thoughtfully grouped together so that all questions pertaining to a particular cluster are presented consecutively.

CKA Exam Syllabus

The best way to prepare for the CKA Certification exam is to get a clear understanding of the concepts involved and do a lot of hands-on practice.

Even if you’re actively working in Kubernetes production environments, you’ll still need to practice to pass the exam

The CKA exam doesn’t include multiple-choice questions, so hands-on practice is essential

The Practice Labs are a great way to reinforce your learning and increase your confidence in taking the CKA exam.

CKA Certification Learning Path

You are a Newbie

This roadmap provides a structured approach to learning the fundamentals of Linux, containers, and Kubernetes. With dedication and consistent practice, you’ll be well-equipped to navigate the world of cloud-native computing and advanced DevOps.

Here’s a recommended roadmap for beginners to embark on this fascinating learning journey:

Linux for Beginners

1. Introduction to Linux: Gain a comprehensive understanding of the history, philosophy, and core principles of Linux.
2. Linux Shell: Master the command-line interface, including essential commands like cd, ls, mkdir, rm, and touch.
3. Linux Kernel: Delve into the heart of Linux, exploring its architecture, components, and role in managing system resources.
4. RunLevels: Understand the concept of RunLevels and how they determine the system’s startup behavior.
5. FileTypes: Familiarize yourself with the various file types and their usage in Linux systems.
6. RPM/YUM: Learn about the RPM package management system and how to use YUM to install, update, and remove packages.
7. DPKG/APT: Understand the DPKG package management system and how to use APT to manage packages in Debian-based distributions.
8. APG (Advanced PGP): Explore the concept of encryption and learn how to use APG to generate and manage cryptographic keys.
9. vi Editor: Master the vi text editor, one of the most prevalent editors in the Linux ecosystem.

Networking Fundamentals

1. Network Basics: Grasp the fundamental concepts of networking, including IP addressing, routing, and network protocols.
2. DNS (Domain Name System): Understand how DNS resolves domain names into IP addresses, enabling internet navigation.
3. SSH (Secure Shell): Learn how to establish secure remote connections using SSH, a crucial tool for managing Linux systems remotely.
4. SCP (Secure Copy): Master SCP for securely transferring files between Linux systems over SSH connections.
5. iptables: Delve into the world of iptables, the Linux firewall tool used to control network traffic.

Containers and Kubernetes

1. Introduction to Containers: Gain a thorough understanding of the concept of containers, their benefits, and how they differ from virtual machines.
2. Docker: Master Docker, the leading containerization platform, for creating, running, and managing containers.
3. Kubernetes: Explore Kubernetes, the container orchestration platform, for deploying, managing, and scaling containerized applications.
4. Networking in Containers: Understand networking concepts specific to containers, including Docker networking and Kubernetes networking.
5. Kubernetes Deployments and Services: Learn how to deploy and manage containerized applications using Kubernetes deployments and services.
6. Kubernetes Scaling: Master Kubernetes scaling techniques to automatically adjust application resources based on demand.
7. Kubernetes Observability: Explore tools and techniques for monitoring and troubleshooting Kubernetes clusters.
8. Security in Kubernetes: Understand security considerations and best practices for securing Kubernetes deployments.

Finally check this Udemy Course :

I recommend going for the CKA preparation course by Mumshad. His course has a lot of quizzes and the quality is top-notch.

To practice for the CKA exam, you can try the Mock exams. It will help you build confidence and practice many scenarios for the exam.

If you spend 2 Hours a day learning you will ≈ 5-6 Months to complete preparation

You Know Kubernetes

I recommend simply going for the CKA preparation course by Mumshad. His course has a lot of quizzes and the quality is top-notch.

To practice for the CKA exam, you can try the Mock exams. It will help you build confidence and practice many scenarios for the exam.

If you spend 2 Hours a day learning you will ≈ 2-3 Months to complete preparation

CKA Exam: A Syllabus-Based Approach

Here, I will be discussing official Kubernetes resources that can be used to prepare for each topic of the CKA exam. You can use these documentation pages during the exam for reference.

Cluster Architecture, Installation & Configuration

This section of the Kubernetes CKA Exam Syllabus will account for 20% of the questions in the actual exam.

As the name implies, you must be familiar with Kubernetes cluster administration. Of course, you must be familiar with and understand its architecture, as well as how to install and configure it.

Manage role based access control (RBAC)

Role-based access control is a method of managing application or individual user access levels. It’s a useful tool in an administrator’s toolkit for granting fine-grained controls to others.

You should know how to create, modify and delete RBACs.

• Check RBAC Documentation

Use Kubeadm to install a basic cluster

According to the official documentation, the kubeadm cluster creates commands and their associated parameters.

You should be able to operate the kubeadm tool to set up a Kubernetes cluster.

• Kubeadm Documentation

Manage a highly-available Kubernetes cluster

Even though there will be no HA questions on the CKA exam, it is useful to understand the high availability architecture.

The main idea here is to understand how to add nodes to the cluster and configure it to be highly available.

• HA cluster setup using Kubeadm

Provision underlying infrastructure to deploy a Kubernetes cluster

The main goal here is to be able to lay the groundwork for a Kubernetes cluster installation (network, storage, dependencies, etc.)

• Installing Kubeadm
• Create a cluster Kubeadm

For kubernetes to work, you need to have

1. Certain system configurations
2. Container runtime (CRI-O, Containerd, or Docker)
3. kubeadm
4. kubelet and kubectl

Perform a version upgrade on a Kubernetes cluster using Kubeadm

In the exam, you will be asked to upgrade a Kubernetes cluster using Kubeadm.

• Upgrade Kubeadm Cluster

Implement etcd backup and restore

You should learn and practice using the etcdctl utility to backup and restore etcd.

Etcd is the cluster’s key-value store. All cluster configuration and information about pods, services, and so on are stored in key-value format here.

• etcd Backup & Restore Operations

Workloads & Scheduling

This section of the Kubernetes CKA Exam Syllabus will account for 15 % of the questions in the actual exam.

As an orchestrator, Kubernetes is notable for its scaling and system resource management capabilities. To ensure the availability of its applications, the administrator must understand the concepts that enable this feat, as well as how to technically configure them.

Understand deployments and how to perform rolling update and rollbacks

Kubernetes Deployment ensures that an application has a minimum number of replicas running at all times. In the event that a replica fails, the Kubernetes API ensures that a new one is created within minutes.

In the Exam , you should know how to do rollbacks and rollouts of deployments.

• Kubernetes Deployment Concepts
• Kubernetes Rolling Update

Use ConfigMaps and Secrets to configure applications

Configmaps in Kubernetes are useful for storing non-critical data in key-value pair format. They can also be used to inject environment variables into pods.

In the Exam , you should knwo how to use configmaps and secrets objects to create, modify, and delete variables and secrets and make them available to a pod.

• Kubernetes Configmap Concepts
• Kubernetes Secrets Concepts

Know how to scale applications

Kubernetes offers a variety of ways to scale applications, including the use of deployment objects to increase the number of replicas of your application.

Horizontal Pod Autoscalers (HPAs) can be used to increase the number of replicas based on application metrics.

For the Exam , you should be able to scale a pod/deployment. You can follow this tutorial.

• Working With Horizontal Pod Autoscaler

Understand the primitives used to create robust, self-healing, application deployments

For any self-healing application, you should use deployments or stateful sets so that when pods fail, Kubernetes instantly recreates them.

Deployments also allow you to keep track of all the changes you make. You can also easily return to a previous state.

• Kubernetes Deployments

Understand how resource limits can affect Pod scheduling

Cluster management also includes workload management; as an administrator, you should ensure that each pod has access to resources based on its requirements.

Each pod in kubernetes can be assigned a minimum and maximum CPU and memory usage.

• Manage Container Resources
• Pods with resource requests

Awareness of manifest management and common templating tools

This section assumes you’re familiar with tools like kustomization, helm, and so on.

In general , during the Exam , you should be able to create, modify and apply Kubernetes manifests

• Managing Kubernetes Objects
• Manage objects with Kustomize

Services & Networking

This section of the Kubernetes CKA Exam Syllabus will account for 20% of the questions in the actual exam.

Elements are made to communicate within a Kubernetes cluster, flows are routed, and endpoints are exposed. This section focuses on the various Kubernetes network concepts.

Understand host networking configuration on the cluster nodes

Kube-proxy is a component that must be installed on each worker node in order for pods to communicate with one another. Kube proxy participation is required for node networking.

Kubelet is the process by which a worker node communicates with the master node. All of these concepts are required to comprehend networking within Kubernetes.

• Kubernetes Networking

Understand connectivity between Pods

Pods communicate with one another via services. This is made possible by the Kube proxy component.

• Understand Kube Proxy

Understand ClusterIP, NodePort, LoadBalancer service types and endpoints

Understanding each service type and their use cases is critical. Understanding how pods can be added to a service should be given special consideration.

• Kubernetes Service
• External Resource Exposure

Know how to use Ingress controllers and Ingress resources

External entities are granted access to internal cluster services via ingress resources. Ingress controllers are load balancers that enable it.

For the Exam , you should know how to create and configure Ingress Understand Ingress Controllers

• Kubernetes Ingress
• Kubernetes Ingress Controller
• Ingress TLS/SSL Setup

Know how to configure and use CoreDNS

CoreDNS is a highly adaptable and extensible DNS server that can act as the Kubernetes cluster DNS. The CNCF hosts the CoreDNS project, as it does Kubernetes.

• Using CoreDNS for Service Discovery

Choose an appropriate container network interface plugin

The Container Networking Interface (CNI) aims to develop a generic plugin-based networking solution for containers.

For the Exam , you should Know how to choose a CNI according to your needs.

There are numerous options, including Flannel, Calico, and others.

• Kubernetes Network Plugins

The network section accounts for 20% of the exam’s content. You’ll almost certainly be asked to create at least one network policy, endpoint, or ingress.

Storage

This section of the Kubernetes CKA Exam Syllabus will account for 10% of the questions in the actual exam.

Understand storage classes, persistent volumes

• Kubernetes Persistent Volumes

Understand volume mode, access modes and reclaim policies for volumes

• Kubernetes Volume Modes
• Kubernetes Volume Access Modes

Understand persistent volume claims primitive

• Persistent Volumes Claims

Know how to configure applications with persistent storage

By mounting a PVC, application pods can use persistent storage.

• Configure Kubernetes Volume in Pod

Troubleshooting 30 %

This section of the Kubernetes CKA Exam Syllabus will account for 30% of the questions in the actual exam.

Evaluate cluster and node logging

Application logs can aid in understanding the application’s activities and status. The logs are especially useful for troubleshooting and monitoring cluster activity.

Examining logs of Kubernetes control plane components such as etcd and the scheduler can also be very beneficial.

• Kubernetes Logging

Understand how to monitor applications

Monitoring applications can be accomplished by storing logs and analyzing application metrics.

Tools like Prometheus and Grafana are popular because they make metric management simple.

• Monitoring & Logging & Debugging

Manage container stdout & stderr logs

• Create Logging agent (stdeout & stderr )

Troubleshoot application failure

Administrators should also assist users in debugging applications that have been deployed into Kubernetes but are not behaving correctly.

• Understanding Kubernetes Logging
• Debug Kubernetes Objects

Troubleshoot cluster component failure

When users are confident that their application is properly configured, cluster components must be debugged and troubleshooted for failures.

• Debug Kubernetes Cluster

Troubleshoot networking

There may be instances where things go wrong on the network end, such as incorrect configuration of ingress resources.

• Cluster Networking

Some Unofficial Useful CKA Resources

1. Understand kubernetes SSL certificates
2. Simulator for hands-on practice
3. Vim shortcuts. This will help you save time on exams.
4. Hands-on CKA practical question bank on Github

Top 7 CKA exam tips and tricks

Practice , Practice , Practice …

This exam is hands-on in nature, emphasizing the importance of proficiency with the Kubernetes command line interface (kubectl).

My advices are :

Cultivate a high level of comfort and familiarity with kubectl, practicing the art of typing commands swiftly and accurately.

Enroll in the two killer,sh, hands-on sessions and aim for outstanding scores in order to thoroughly prepare yourself before attempting the actual exam.

Make sure to practice using Vim as it is a crucial tool for the CKA exam. The exam environment does not offer IDEs like VSCode, so being proficient in Vim will greatly expedite your task-solving abilities.

Become proficient in json-path queries for the exa : Familiarize yourself with the json-path queries and ensure that you can confidently apply them when needed. The Kubernetes documentation provides examples of queries that you can refer to. Additionally, you can enhance your understanding of jsonpath by taking advantage of KodeKloud’s free course on the topic.

Use the short name of K8s Resources

Useful commands or parameters during the exam

# Use "kubectl describe" for related events and troubleshooting
kubectl describe pods <podid>

# Use "kubectl explain" to check the structure of a resource object.
kubectl explain deployment --recursive

# Add "-o wide" in order to use wide output, which gives you more details.
kubectl get pods -o wide

# Check always all namespaces by including "--all-namespaces"
kubectl get pods --all-namespaces

# Show labels for all pods (or any other Kubernetes object that supports labelling)
kubectl get pods --show-labels

# create a service
kubectl create service clusterip my-service --tcp=8080 --dry-run=client -o yaml

# create a deployment
kubectl create deployment nginx --image=nginx --dry-run=client -o yaml

# create a pod
kubectl run nginx --image=nginx --restart=Never --dry-run=client -o yaml

Use dry run to generate yaml

During the exam, creating K8s resources like pods, deployments, and services from scratch can be time-consuming and challenging to remember their entire structure. To simplify this process, you can use the “dry run” feature to generate a basic YAML file. Then, modify the generated file as needed before using it to create the required resources.

For instance, to address the question of creating an nginx pod with specific resource limits (memory: 1M, CPU: 500m), follow these commands:

Generate the YAML file with dry run:

k run nginx --image=nginx --dry-run=client -o yaml > pod.yaml

Modify the “pod.yaml” file to add the resource limit settings.

Create the pod using the modified YAML file:

k create -f pod.yaml

To save time on input, you can define a shell variable for the --dry-run=client -o yaml option like this:

export do="--dry-run=client -o yaml"

Then, you can use the defined variable in the command like this:

k run nginx --image=nginx $do > pod.yaml

By employing the “dry run” and shell variable approach, you can efficiently create K8s resources and manage their configurations during the exam.

Time management

Since you will be executing the kubectl command multiple times, setting up aliases can save you valuable seconds with each entry. For instance, assigning an alias like ‘k’ for ‘kube-control’ can potentially grant you an additional minute or two towards the end of the exam

alias k=kubectl

In the exam, you have the privilege to access and consult the Kubernetes documentation pages for obtaining crucial information. This unique aspect sets the Kubernetes certification exam apart from others, as it assesses your capability to effectively utilize the documentation rather than relying solely on memorization.

To excel in the exam, it is essential to become well-acquainted with the documentation’s structure and practice efficient searching techniques. Please be aware that using bookmarks is not allowed during the exam, so it is advised to refrain from attempting to do so.

During the exam, managing your time efficiently is crucial. With approximately 15 to 20 questions of varying difficulty levels, it’s essential to make strategic decisions regarding time allocation. Don’t get trapped on a single challenging question and exhaust all your time.

Review Completed Tasks

After each question, it is crucial to review your work meticulously to ensure accuracy. Avoid the risk of spending 10-15 minutes on a question and unintentionally overlooking potential errors

For example, if you have made changes to the kubelet during a task, it is highly recommended to check its status before moving on to another task. This verification step ensures that the kubelet is functioning as expected after the modifications. To check the kubelet’s status, use the following command:

systemctl status kubelet

Stress Management

You will be able to complete the exam in 2 hours.
PLEASE DON’T get panic because :

• First: if it is your first attempt then you have the other left.
• Second: is that you only need 66 % to crack the exam 🙂

Configuration Management during the Exam

As mentioned previously, the CKA exam environment consists of six clusters, each with its own dedicated set of nodes. It is essential to emphasize the significance of switching contexts correctly between these clusters before attempting any tasks in the exam.

One common mistake individuals make is performing actions on the wrong cluster. To avoid this, ensure that you carefully switch the context to the intended cluster before executing any commands or tasks. Paying close attention to this detail will help maintain accuracy throughout the exam and prevent errors caused by working on the wrong cluster

At the start of each task you’ll be provided with the command to ensure you are on the correct cluster to complete the task , for example :

kubectl config use-context k8s

An example of command to ssh to a master node during a kubernetes cluster update :

ssh mk8s-master-0 

Us elevated privileges on the master node :

sudo -i

CKA Exam Questions

Please note that these scripts are not real CKA exam questions.

QUESTION 1 :

You have been asked to create a new ClusterRole that can only create Deployments, Stateful Sets, and DaemonSets. You also need to create a new ServiceAccount in the existing namespace my-namespace and bind the new ClusterRole to the new ServiceAccount, limited to the namespace my-namespace.

kubectl create clusterrole my-clusterrole --verb=create --resource=deployments,statefulsets,daemonsets 

kubectl create serviceaccount my-serviceaccount --namespace=my-namespace 

kubectl create rolebinding my-clusterrole-binding --clusterrole=my-clusterrole --serviceaccount=my-namespace:my-serviceaccount -n my-namespace

The first command creates a new ClusterRole named my-clusterrole with the create verb and the deployments, statefulsets, and daemonsets resources.

The second command creates a new ServiceAccount named my-serviceaccount in the namespace my-namespace.

The third command binds the new ClusterRole my-clusterrole to the new ServiceAccount my-serviceaccount in the namespace my-namespace. This means that the my-serviceaccount ServiceAccount will now have the ability to create deployments, statefulsets, and daemonsets in the my-namespace namespace.

Once these commands have been executed, the new ClusterRole, ServiceAccount, and binding will be created and the deployment pipeline will be ready to use.

QUESTION 2

Given a Kubernetes cluster, find pods that have the label name=max-cpu and are running high CPU workloads.

Write the name of the pod consuming the most CPU to the file /opt/teckbootcamps/cpumax.txt. The file already exists.

The following commands can be used to find the pod consuming the most CPU and write its name to the file /opt/teckbootcamps/cpumax.txt:

kubectl top pods \
    -l name=max-cpu \
    --sort-by=cpu \
    | tail -1 \
    > /opt/teckbootcamps/cpumax.txt

QUESTION 3

In the “teckbootcamps” namespace, several pods have been created.

The backend for each of the two applications : app1, app2 is a pod called “my-nginx”

Create a “allow-net” network policy that only permits traffic from two applications to the “nginx-pod”

kubectl -n teckbootcamps get pods u002du002dshow-labels n## this will display the labels allocated to application 1 and 2 and labels for the nginx-pod , we will use these labels while creating our NetworkPolicy.

apiVersion: networking.k8s.io/v1
metadata:
  name: allow-net
  namespace: teckbootcamps
spec:
  podSelector:
    matchLabels:
      tier: backend
      role: backend-app
  ingress:
  - from:
    - podSelector:
        matchLabels:
          name: app1
          tier: front-app
    - podSelector:
        matchLabels:
          name: app2
          tier: front-app

kubectl apply -f networkPolicy.yaml

QUESTION 4

Kubelet is down in one node of the cluster , try to start it in order to recover the cluster

# Switch node:
ssh node01

# Enter privileged user:
sudo -i

# Check the kubelet service:
systemctl status kubelet

# Start the service and set it to boot:
systemctl restart kubelet
systemctl enable kubelet

# Finally check:
systemctl status kubelet

QUESTION 5

ETCD Backup Recovery

$ etcdctl --endpoints=https://127.0.0.1:2379 --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> snapshot save <backup-file-location>

$ etcdctl --endpoints=https://127.0.0.1:2379 --cacert=<trusted-ca-file> --cert=<cert-file> --key=<key-file> snapshot restore <snapshotdb>;

QUESTION 5

Scaling Kubernetes Pods

# Increase replicas number for nginx-deployment
kubectl scale deployment/nginx-deployment --replicas=5

# Using autoscaling
kubectl autoscale deployment/nginx-deployment --min=2 --max=5

CKA Exam FAQs

Conclusion

Congratulations on completing our comprehensive CKA exam study guide.

By following the roadmap we’ve provided and mastering the essential concepts, you’re well on your way to becoming a Certified Kubernetes Administrator. Remember to practice regularly, explore additional resources, and stay up to date with the latest Kubernetes developments. Best of luck in your CKA exam journey!

Check Other Kubernetes Exams Study Guides :